Defect detection method and device based on configuration analysis engine, and computer readable storage medium

A technology of analysis engine and defect detection, applied in computer-readable storage medium, in the field of defect detection based on configuration analysis engine, which can solve problems such as security vulnerabilities

Pending Publication Date: 2020-07-07
思客云(北京)软件技术有限公司
View PDF13 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

These HTML-based static and dynamic languages ​​usually have configuration security holes, which pose a huge challenge to information security.
[0003] On the other hand, XML and properties are widely used in web development to store configuration information, such as database connection information, application link information, 404 page jump information and http port information, etc. There are also some configuration security holes in these files

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Defect detection method and device based on configuration analysis engine, and computer readable storage medium
  • Defect detection method and device based on configuration analysis engine, and computer readable storage medium
  • Defect detection method and device based on configuration analysis engine, and computer readable storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] figure 1 A flowchart showing a defect detection method based on a configuration analysis engine provided by an embodiment of the present invention. An embodiment of the present invention provides a defect detection method based on a configuration analysis engine, the method comprising: Step 1: input a file; Step 2: determine the type of the input file, and use a corresponding analysis engine to analyze the input file; Step 3: Find and judge the content that meets the defect characteristics; Step 4: Find the corresponding defect knowledge base for the found defect; Step 5: Generate a defect result file. Optionally, in step 2, if the input file is a property file, the K-V analysis engine utilizes the java.util.Properties class to parse the input file, and then obtains all Key-Values ​​of the input file after parsing right value. Optionally, in step 3, use the K-V analysis engine to load the K-V rule to analyze whether the value of each Key-Value pair in the value of ...

Embodiment 2

[0052] According to an embodiment of the present invention, the present invention provides a defect detection device based on a configuration analysis engine, such as Figure 4 As shown, it includes: a memory 10, a processor 12, and a computer program stored on the memory 10 and operable on the processor 12. When the computer program is executed by the processor 12, the above embodiment 1 is realized. The steps of the configuration analysis engine based defect detection method described in .

Embodiment 3

[0054] According to an embodiment of the present invention, the present invention provides a computer-readable storage medium, and the computer-readable storage medium stores a program for implementing information transmission, and when the program is executed by a processor, the above-mentioned embodiment 1 is implemented. The steps of the defect detection method based on configuration analysis engine.

[0055] The technical scheme of the present invention uses data nodes to record data information, which is simple, easy to expand, and easy to use. The data in the data information table is sorted by name, which can realize quick search and is more convenient to use. All node information is stored in the data information table, and all subsequent data operations can directly look up the table instead of looking up the syntax tree, which greatly improves the efficiency of use. Data crossing nodes are recorded separately as multiple data links, which is not easy to cause co...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a defect detection method and a defect detection device based on a configuration analysis engine, and a computer readable storage medium. The defect detection method comprisesthe steps of: 1, inputting a file; 2, judging a type of the input file, and analyzing the input file by using a corresponding analysis engine; 3, searching and judging content conforming to defect characteristics; 4, aiming at the searched defects, searching a corresponding defect knowledge base; and 5, generating a defect result file. According to the defect detection method and the defect detection device, the problem that the defect library cannot be expanded by a user is solved; a systematic configuration analysis method can be constructed, the method is high in expandability and easy touse, only one rule needs to be added every time, and the method can be used through simple training; and a final user of the system can conveniently expand and add new defects, systematicness and uniformity are achieved for management of the configuration type loopholes, wide popularization can be achieved, and convenience is brought to learning and use of developers and safety personnel.

Description

technical field [0001] The invention relates to the technical field of source code security detection, in particular to a defect detection method, device and computer-readable storage medium based on a configuration analysis engine. Background technique [0002] At present, with the development of the Internet and the mobile Internet, Web application systems are becoming more and more common and popular, and HTML5 and Web pages used in the mobile Internet are all based on the HTML language. The final result of dynamic language generation is also HTML pages, such as JSP language, ASP language, and page output of PHP and Python languages. These HTML-based static and dynamic languages ​​usually have configuration security holes, which pose a huge challenge to information security. [0003] On the other hand, XML and properties are widely used in web development to store configuration information, such as database connection information, application link information, 404 page j...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56G06F21/57G06F8/41
CPCG06F21/563G06F21/577G06F8/427
Inventor 王宏
Owner 思客云(北京)软件技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap